Shorewall users - May 2011 - Trying to make Simple TC work - something's missing

This is using Shorewall 4.4.11.6.

I have an ''Internal'' TC configuration that prioritizes http
traffic
going out eth2 on port 80 over http going out the same interface on
port 3000.  It works nicely.

I am trying to reproduce the same configuration using the Simple TC
mode.

This is a router unit with a http server sitting on eth1 and a client
on eth2.  I apply TC on the traffic from the server going out eth2 to
reply to the laptop''s wget.

         laptop  <-> eth2 router eth1 <-> HTTP server

Here are the options from shorewall.conf I think would matter.  I was
using MARK_IN_FORWARD_CHAIN=Yes for the ''Internal'' mode in
order to
replicate previous Shorewall 4.0.x behaviour, so I kept it for
''Simple''.

TC_ENABLED=Simple
TC_EXPERT=No
WIDE_TC_MARKS=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=Yes
FORWARD_CLEAR_MARK=No

First, I get an error when configuring tcinterfaces in the following
way (as per the tcinterfaces web page) :

tcinterfaces
#INTERFACE  TYPE      IN-BANDWIDTH   OUT-BANDWIDTH
eth2        External  -              100mbit

Checking /etc/shorewall/tcinterfaces...
   ERROR: Invalid tcinterfaces entry (too many columns) 
   : /etc/shorewall/tcinterfaces (line 3)

So I simply declare the interface instead.

tcinterfaces
#INTERFACE  TYPE      IN-BANDWIDTH   OUT-BANDWIDTH
eth2        External

And in tcpri I simply have:

#BAND   PROTO   PORT(S) 
1       tcp        80   
3       tcp        3000 

Hopefully, these are destination ports!  I also have tried with
''TCP''
in uppercase.

When shorewall is started succesfully, no ''child/parent''
classes are shown
when using: tc -s -d class show dev eth2

When doing two simultaneous wgets from the laptop, one on port 80 and
one on port 3000, the transfer rates ends up the same: eg. no traffic
control was applied.

You will find attached a shorewall dump made during the above test.

What could be missing to make Simple TC work ?  Is declaring eth2 in
tcinterfaces enough ?  Does tcpri know about eth2 ?

Many thanks for taking the time to look into this !



------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd

On May 2, 2011, at 5:15 PM, lanas wrote:
> This is using Shorewall 4.4.11.6.
> 
> I have an ''Internal'' TC configuration that prioritizes
http traffic
> going out eth2 on port 80 over http going out the same interface on
> port 3000.  It works nicely.
> 
> I am trying to reproduce the same configuration using the Simple TC
> mode.
> 
> This is a router unit with a http server sitting on eth1 and a client
> on eth2.  I apply TC on the traffic from the server going out eth2 to
> reply to the laptop''s wget.
> 
>         laptop  <-> eth2 router eth1 <-> HTTP server
> 
> Here are the options from shorewall.conf I think would matter.  I was
> using MARK_IN_FORWARD_CHAIN=Yes for the ''Internal'' mode
in order to
> replicate previous Shorewall 4.0.x behaviour, so I kept it for
''Simple''.
> 
> TC_ENABLED=Simple
> TC_EXPERT=No
> WIDE_TC_MARKS=No
> CLEAR_TC=Yes
> MARK_IN_FORWARD_CHAIN=Yes
> FORWARD_CLEAR_MARK=No
> 
> First, I get an error when configuring tcinterfaces in the following
> way (as per the tcinterfaces web page) :
> 
> tcinterfaces
> #INTERFACE  TYPE      IN-BANDWIDTH   OUT-BANDWIDTH
> eth2        External  -              100mbit
> 
From ''man shorewall-tcinterfaces'':

       OUT-BANDWIDTH - [rate[:[burst][:[latency][:[peek][:[minburst]]]]]]
           Added in Shorewall 4.4.13. The terms are defined in tc-tbf(8).

Note the ''Added in shorewall 4.4.13''.

So you *can''t* reproduce your Internal configuration with a Simple one
on 4.4.11.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd

On Mon, 2 May 2011 19:10:03 -0700,
Tom Eastep <teastep@shorewall.net> wrote :

Hello,
> Note the ''Added in shorewall 4.4.13''.
Even when not including the OUT-BANDWIDTH in 4.4.11.6, is there a way
with Simple TC to react on port types ?  To have destination port 3000
given less priority than destination port 80 ?

I have tried with 4.4.19.1 and the problem still remains.  The laptop
has two wget instances (ports 80 and 3000) fetching a 500MB file from
the server:

       laptop  <-> eth2 router eth1 <-> HTTP server

The router has the following configuration (see also attached
compressed sh_dump2) - this is now with 4.4.19.1:

cat tcinterfaces
#INTERFACE      TYPE      IN-BANDWIDTH  OUT-BANDWIDTH
eth2            External  -             100mbit

cat tcpri
#BAND   PROTO   PORT(S)
1       TCP     80
3       TCP     3000

During the transfer:

# tc -s -d class show dev eth2

class tbf 1:1 parent 1: leaf 101:

class prio 101:1 parent 101: leaf 1011:
 Sent 548212535 bytes 362490 pkt (dropped 16, overlimits 0 requeues 33015)
 backlog 0b 23p requeues 33015
class prio 101:2 parent 101: leaf 1012:
 Sent 5978 bytes 41 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
class prio 101:3 parent 101: leaf 1013:
 Sent 548297607 bytes 362682 pkt (dropped 94, overlimits 0 requeues 10822)
 backlog 0b 121p requeues 10822

And the wget stats at the end of the transfers:

6.04 MB/s - for port 80
5.53 MB/s - for port 3000

Certainly, the dramatic difference as observed when using Internal TC
is not seen (TC configuration dependent) but I''d expect to see some
larger difference between bands 1 and 3 in Simple TC.  Would that be
actually the case - to actually notice a good difference between bands
1 and 3 in such a two-500MB file transfer test ?  Or should there be
more simultaneous traffic put through to exercize it more and see more
noticeable results ?

Thanks.

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd

On Tue, 3 May 2011 20:07:52 -0400,
lanas <lanas@securenet.net> wrote :
> Even when not including the OUT-BANDWIDTH in 4.4.11.6, is there a way
> with Simple TC to react on port types ?  To have destination port 3000
> given less priority than destination port 80 ?
> 
> I have tried with 4.4.19.1 and the problem still remains.  The laptop
> has two wget instances (ports 80 and 3000) fetching a 500MB file from
> the server:
> 
>        laptop  <-> eth2 router eth1 <-> HTTP server
> 
> The router has the following configuration (see also attached
> compressed sh_dump2) - this is now with 4.4.19.1:
Here is the shorewall dump.


------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd

On Tue, 3 May 2011 20:07:52 -0400,
lanas <lanas@securenet.net> wrote :
> I have tried with 4.4.19.1 and the problem still remains.  The laptop
> has two wget instances (ports 80 and 3000) fetching a 500MB file from
> the server:
> 
>        laptop  <-> eth2 router eth1 <-> HTTP server
I have found that if I put an OUT-BANDWIDTH in tcinterface which is low
enough, then it is easier to observe if traffic control works, when only
using two wget transfers as traffic load.  Using Shorewall 4.4.19.1.
So I have seen it work now.



------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd

> I have found that if I put an OUT-BANDWIDTH in tcinterface which is low
 > enough, then it is easier to observe if traffic control works,

I just caught this mid-thread, so if this isn''t relevant please ignore.

I spent most of my time with traffic control fine tuning the outbound 
bandwidth parameter - trying to have it set just below the level that my 
outbound link could handle.  As soon as I hit the magic number, the 
congestion on both inbound and outbound links cleared up.

- Bob Coffman

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd

On May 5, 2011, at 5:46 PM, Robert K Coffman Jr. -Info From Data Corp. wrote:
>> I have found that if I put an OUT-BANDWIDTH in tcinterface which is low
>> enough, then it is easier to observe if traffic control works,
> 
> I just caught this mid-thread, so if this isn''t relevant please
ignore.
> 
> I spent most of my time with traffic control fine tuning the outbound 
> bandwidth parameter - trying to have it set just below the level that my 
> outbound link could handle.  As soon as I hit the magic number, the 
> congestion on both inbound and outbound links cleared up.
> 
Thanks Bob.

That indeed is the key. Same for IN-BANDWIDTH.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd

On Thu, 05 May 2011 20:46:20 -0400,
"Robert K Coffman Jr. -Info From Data Corp."
<bcoffman@infofromdata.com> wrote :
> I spent most of my time with traffic control fine tuning the outbound 
> bandwidth parameter - trying to have it set just below the level that
> my outbound link could handle.  As soon as I hit the magic number,
> the congestion on both inbound and outbound links cleared up.
Hello, and thanks for the comment.  Can you shed some light on the
actual process of finding that number ?  Have you found some approach
that would help in honing it perhaps in less time ?


------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd